|
stop
* method</td>
* <td>This allows code to stop any thread in the system provided that it is
* already granted permission to access that thread.
* This poses as a threat, because that code may corrupt the system by
* killing existing threads.</td>
* </tr>
*
* <tr>
* <td>modifyThreadGroup
* <td>modification of thread groups, e.g., via calls to ThreadGroup
* <code>destroy, getParent
, resume
,
* <code>setDaemon, setMaxPriority
, stop
,
* and <code>suspend methods
* <td>This allows an attacker to create thread groups and
* set their run priority.</td>
* </tr>
*
* <tr>
* <td>getProtectionDomain
* <td>Retrieval of the ProtectionDomain for a class
* <td>This allows code to obtain policy information
* for a particular code source. While obtaining policy information
* does not compromise the security of the system, it does give
* attackers additional information, such as local file names for
* example, to better aim an attack.</td>
* </tr>
*
* <tr>
* <td>getFileSystemAttributes
* <td>Retrieval of file system attributes
* <td>This allows code to obtain file system information such as disk usage
* or disk space available to the caller. This is potentially dangerous
* because it discloses information about the system hardware
* configuration and some information about the caller's privilege to
* write files.</td>
* </tr>
*
* <tr>
* <td>readFileDescriptor
* <td>Reading of file descriptors
* <td>This would allow code to read the particular file associated
* with the file descriptor read. This is dangerous if the file
* contains confidential data.</td>
* </tr>
*
* <tr>
* <td>writeFileDescriptor
* <td>Writing to file descriptors
* <td>This allows code to write to a particular file associated
* with the descriptor. This is dangerous because it may allow
* malicious code to plant viruses or at the very least, fill up
* your entire disk.</td>
* </tr>
*
* <tr>
* <td>loadLibrary.{library name}
* <td>Dynamic linking of the specified library
* <td>It is dangerous to allow an applet permission to load native code
* libraries, because the Java security architecture is not designed to and
* does not prevent malicious behavior at the level of native code.</td>
* </tr>
*
* <tr>
* <td>accessClassInPackage.{package name}
* <td>Access to the specified package via a class loader's
* <code>loadClass method when that class loader calls
* the SecurityManager <code>checkPackageAccess method
* <td>This gives code access to classes in packages
* to which it normally does not have access. Malicious code
* may use these classes to help in its attempt to compromise
* security in the system.</td>
* </tr>
*
* <tr>
* <td>defineClassInPackage.{package name}
* <td>Definition of classes in the specified package, via a class
* loader's <code>defineClass method when that class loader calls
* the SecurityManager <code>checkPackageDefinition method.
* <td>This grants code permission to define a class
* in a particular package. This is dangerous because malicious
* code with this permission may define rogue classes in
* trusted packages like <code>java.security or java.lang
,
* for example.</td>
* </tr>
*
* <tr>
* <td>accessDeclaredMembers
* <td>Access to the declared members of a class
* <td>This grants code permission to query a class for its public,
* protected, default (package) access, and private fields and/or
* methods. Although the code would have
* access to the private and protected field and method names, it would not
* have access to the private/protected field data and would not be able
* to invoke any private methods. Nevertheless, malicious code
* may use this information to better aim an attack.
* Additionally, it may invoke any public methods and/or access public fields
* in the class. This could be dangerous if
* the code would normally not be able to invoke those methods and/or
* access the fields because
* it can't cast the object to the class/interface with those methods
* and fields.
</td>
* </tr>
* <tr>
* <td>queuePrintJob
* <td>Initiation of a print job request
* <td>This could print sensitive information to a printer,
* or simply waste paper.</td>
* </tr>
*
* <tr>
* <td>getStackTrace
* <td>Retrieval of the stack trace information of another thread.
* <td>This allows retrieval of the stack trace information of
* another thread. This might allow malicious code to monitor the
* execution of threads and discover vulnerabilities in applications.</td>
* </tr>
*
* <tr>
* <td>setDefaultUncaughtExceptionHandler
* <td>Setting the default handler to be used when a thread
* terminates abruptly due to an uncaught exception</td>
* <td>This allows an attacker to register a malicious
* uncaught exception handler that could interfere with termination
* of a thread</td>
* </tr>
*
* <tr>
* <td>preferences
* <td>Represents the permission required to get access to the
* java.util.prefs.Preferences implementations user or system root
* which in turn allows retrieval or update operations within the
* Preferences persistent backing store.) </td>
* <td>This permission allows the user to read from or write to the
* preferences backing store if the user running the code has
* sufficient OS privileges to read/write to that backing store.
* The actual backing store may reside within a traditional filesystem
* directory or within a registry depending on the platform OS</td>
* </tr>
*
* <tr>
* <td>usePolicy
* <td>Granting this permission disables the Java Plug-In's default
* security prompting behavior.</td>
* <td>For more information, refer to Java Plug-In's guides,
* </tr>
* </table>
*
* @see java.security.BasicPermission
* @see java.security.Permission
* @see java.security.Permissions
* @see java.security.PermissionCollection
* @see java.lang.SecurityManager
*
*
* @author Marianne Mueller
* @author Roland Schemers
*/
public final class RuntimePermission extends BasicPermission {
private static final long serialVersionUID = 7399184964622342223L;
/**
* Creates a new RuntimePermission with the specified name.
* The name is the symbolic name of the RuntimePermission, such as
* "exit", "setFactory", etc. An asterisk
* may appear at the end of the name, following a ".", or by itself, to
* signify a wildcard match.
*
* @param name the name of the RuntimePermission.
*
* @throws NullPointerException if <code>name is null
.
* @throws IllegalArgumentException if <code>name is empty.
*/
public RuntimePermission(String name)
{
super(name);
}
/**
* Creates a new RuntimePermission object with the specified name.
* The name is the symbolic name of the RuntimePermission, and the
* actions String is currently unused and should be null.
*
* @param name the name of the RuntimePermission.
* @param actions should be null.
*
* @throws NullPointerException if <code>name is null
.
* @throws IllegalArgumentException if <code>name is empty.
*/
public RuntimePermission(String name, String actions)
{
super(name, actions);
}
}
Java example source code file (RuntimePermission.java)
The RuntimePermission.java Java example source code/* * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.lang; import java.security.*; import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; /** * This class is for runtime permissions. A RuntimePermission * contains a name (also referred to as a "target name") but * no actions list; you either have the named permission * or you don't. * * <P> * The target name is the name of the runtime permission (see below). The * naming convention follows the hierarchical property naming convention. * Also, an asterisk * may appear at the end of the name, following a ".", or by itself, to * signify a wildcard match. For example: "loadLibrary.*" and "*" signify a * wildcard match, while "*loadLibrary" and "a*b" do not. * <P> * The following table lists all the possible RuntimePermission target names, * and for each provides a description of what the permission allows * and a discussion of the risks of granting code the permission. * * <table border=1 cellpadding=5 summary="permission target name, * what the target allows,and associated risks"> * <tr> * <th>Permission Target Name * <th>What the Permission Allows * <th>Risks of Allowing this Permission * </tr> * * <tr> * <td>createClassLoader |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.